Skip to main content

Data Classification: Examples of "Red Light" Data - Digital Compliance Academy

Learn which data is safe for AI tools under UK GDPR. Our traffic light system provides clear examples of Red, Yellow, and Green data classification for UK businesses.

Jon McGreevy November 22, 2025 4 min read
Compliance GDPR Data Safety Security

The biggest blocker to AI adoption in the UK isn’t technology. It’s Fear.

Employees are terrified of leaking data. They have heard horror stories about Samsung engineers leaking code to ChatGPT. They read terrifying LinkedIn posts about GDPR fines. So they do nothing. They stick to the old, slow way of working.

To unlock productivity, you need to remove the fear. You do this with a simple, universal framework: The Traffic Light System.

You don’t need a data scientist to understand it. You just need common sense.

The Framework

We teach every client to classify their data into three buckets before they open any AI tool.

🔴 Red Light (Strictly Prohibited)

Definition: This data must NEVER touch a public AI model. If this leaked, you would be sued, fined, or fired.

Examples:

  • PII (Personally Identifiable Information): Names, addresses, National Insurance numbers, phone numbers.
  • Financials: Unreleased Q4 revenue figures, bank details, payroll spreadsheets.
  • Credentials: Passwords, API keys, AWS secrets.
  • Core IP: The secret formula, the unpatented invention, the deep source code.

The Rule: If you see Red data, stop. Do not paste it. Do not upload it.

🟡 Amber Light (Proceed with Caution)

Definition: This data is sensitive, but safe if sanitised. It contains concepts or strategies that are valuable, but specific identifiers can be removed.

Examples:

  • Meeting Moments: “Susan said we should target the North East region.”
  • Draft Contracts: Standard terms and conditions (without the client name).
  • Internal Emails: Non-sensitive operational updates.

The Rule: Anonymise before using. Strip the names. Strip the numbers. Then you can use AI to summarise or rephrase.

🟢 Green Light (Go)

Definition: Public domain or low-risk data. Information you want people to see.

Examples:

  • Marketing Copy: Blog posts (like this one), social media captions, website text.
  • Job Descriptions: “We are hiring a Sales Manager.”
  • Public Knowledge: “Explain how a pension works.”

The Rule: Go wild. Use the best model available.

Real-World Scenarios (The Quiz)

In our workshops, we run a “Pop Quiz” to test this logic. Here are common scenarios.

Scenario 1: The CV (Resume)

You receive a PDF CV for a job applicant. You want Claude to summarise their key skills. Verdict: 🔴 RED Why: A CV is pure PII. Name, address, employment history. The Fix: You must use an Enterprise tool (Zero Retention) OR manually redact the header and specific company names before pasting.

Scenario 2: The Customer Complaint

A customer emails: “My order #12345 to 10 Downing Street didn’t arrive. I am furious - Dave.” Verdict: 🔴 RED Why: Customer name + Address + Order ID. The Fix: Extract the context. Prompt: “Write a polite apology email for a customer whose package was late due to snow. Do not mention names.”

Scenario 3: The Python Function

A developer wants to fix a buggy function that sorts a list of dates. Verdict: 🟢 GREEN (Usually) Why: Sorting a list is generic logic. It is not trade secret. Restriction: If the code contains a hardcoded API key (e.g., api_key = "sk-123..."), it becomes RED.

Scenario 4: The Board Pack

The monthly PDF presentation for the Board of Directors. Verdict: 🔴 RED Why: This usually contains the “Crown Jewels” of company strategy. Even if you remove names, the content itself is highly sensitive. Do not upload this to a public model.

The “Anonymisation” Workflow

If you have Amber data, use this 3-step workflow to turn it Green.

  1. Identify: Scan the text for nouns (Names, Places, Companies).
  2. Replace: Swap them for generic placeholders.
    • “Jon McGreevy” -> “[Director]”
    • “Coca Cola” -> “[Client A]”
    • “£1.5m revenue” -> “[Revenue Figure]”
  3. Prompt: “Summarise the text below. Note that [Director] argues for [Strategy X].”

The AI can still understand the logic without needing the identities.

Conclusion: Build a Desk Card

Don’t bury this in a wiki. Make a physical “Desk Card” or a sticker. Put the Red/Amber/Green list on it. Stick it on every monitor in the office.

Safety isn’t about technology. It’s about habit.